#define OS_FD_SETSIZE FD_SETSIZE
....
struct OsFdSet
{
fd_set s[OS_FD_SETSIZE / FD_SETSIZE];
};
I cannot see any number in this line. We do not have any numbers in this file…
- cpp (windows VS build)
- SonarQube (9.9 LTS)
Hey there.
Please take the time to review this post:
Which specifies that, among other things, you need to share a text-snippet of code, not a screenshot.
I swear I have read this and it said “screenshots ok”. I guess i missread. Nevermind… Edited initial post.
Hello @KUGA2,
Thank you for reporting this false positive!
Could you please send me additional information to help me reproduce the issue? I did not succeed with the current information, maybe because my configuration differs from yours or because the false positive is due to how fd_set is defined.
Specifically, I would need a reproducer. To generate one on SonarQube:
- Search in the analysis log for the full path of a source file that creates this false-positive, i.e., a source file that includes
**_p_fd_set.hwhere the false positive is. You will have to use precisely this name (same case, / or \…) - Add the reproducer option to the scanner configuration:
sonar.cfamily.reproducer=“Full path to the .cpp” - Re-run the scanner to generate a file named sonar-cfamily.reproducer in the project folder.
If you think the reproducer file contains private information, let me know, and I’ll send you a private message allowing you to send the file privately.
Cheers,
Amélie
I hesitate sending the sonar-cfamily-reproducer.zip (!) file because it contains a lot of sensitive information (paths, compile_commands.json).
I was able to reproduce it with a simple:
sq.cpp
#include "os_p_fd_set.h" // OsFdSet
os_p_fd_set.h
#ifndef OS_P_FD_SET_H
#define OS_P_FD_SET_H
#include <sys/select.h> // fd_set, FD_SETSIZE
#define OS_FD_SETSIZE (2 * FD_SETSIZE)
// Aggregation of n fd_set elements
struct OsFdSet
{
fd_set s[OS_FD_SETSIZE / FD_SETSIZE];
};
#endif // OS_P_FD_SET_H
So should you, I guess. Can you try again before I ask my supervisor if I can share it.
Btw: Is it normal, that the analysis fails (some java stacktrace) when I add sonar.cfamily.reproducer?
Hello,
I am sorry, but I still failed to reproduce the issue. (I have one code smell: “Use “std::array” or “std::vector” instead of a C-style array.” but that is it).
The reproducer contains helpful information: the SonarQube version, the compiler version, the compiler options, etc. It enables us to reproduce exactly what you have and ensure our fix will work for your case. I understand this is sensitive information, but it will only be used for debugging.
What about creating a reproducer for your more straightforward example?
Thanks,
Amélie
PS: Yes, it is expected, as the reproducer is for debugging and should not be activated for day-to-day analysis.
For anyone reading here. We had a long back and forth in private messages. We learned that it need this code to reproduce:
#include "os_p_fd_set.h"
void os_socket_select()
{
OsFdSet read;
if (true)
{
OsFdSet readCopy = read;
read = readCopy;
}
}
@Amelie is now looking into that.
3 Likes
